396 lines
24 KiB
HTML
396 lines
24 KiB
HTML
<!--startcut ==============================================-->
|
|
<!-- *** BEGIN HTML header *** -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML><HEAD>
|
|
<title>Your Own Home Domain With ADSL LG #65</title>
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
|
|
ALINK="#FF0000">
|
|
<!-- *** END HTML header *** -->
|
|
|
|
<CENTER>
|
|
<A HREF="http://www.linuxgazette.com/">
|
|
<H1><IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.png"
|
|
WIDTH="600" HEIGHT="124" border="0"></H1></A>
|
|
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="arndt.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue65/chan.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="collinge.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
<P>
|
|
</CENTER>
|
|
|
|
<!--endcut ============================================================-->
|
|
|
|
<H4 ALIGN="center">
|
|
"Linux Gazette...<I>making Linux just a little more fun!</I>"
|
|
</H4>
|
|
|
|
<P> <HR> <P>
|
|
<!--===================================================================-->
|
|
|
|
<center>
|
|
<H1><font color="maroon">Your Own Home Domain With ADSL</font></H1>
|
|
<H4>By <a href="mailto:rayxtra@hotmail.com">Ray Chan</a></H4>
|
|
</center>
|
|
<P> <HR> <P>
|
|
|
|
<!-- END header -->
|
|
|
|
|
|
|
|
<P> <EM>Note: Domain names and IP numbers in this article have been changed.
|
|
I have no connection with myfakedomain.com and myhome.net--please do not send
|
|
questions or complaints to them.</EM>
|
|
|
|
<P>
|
|
<B>Acknowledgement</b><P>
|
|
This article is a walk through the steps I did
|
|
to host my own domain name at home.
|
|
It is not a guide or tutorial about how to set up and host your domain.
|
|
There are already lots of HOW-TOs
|
|
and tutorials on that topic. However, this artice provides working example for your reference, and I've also included
|
|
URLs to some really useful web sites. <P>
|
|
<B>Background</b><P>
|
|
In late 2000, when everyone were talking or already using broadband, I was
|
|
still using my Hayes 28.8kbps modem to surf the net. My reason is simple, none of the broadband
|
|
provider provides fix I.P. address although they did provide unlimited usage plan. I have a few
|
|
domains name registered and hosting at some ISP. The service of the web hosting companies are
|
|
limiting to html, perl cgi, pop server and maybe mod_rewrite. They never provide SMTP, MySQL, PHP4.
|
|
whatever useful or at a really high price. That's why I'm looking for a broadband provider
|
|
willing to provides fix I.P. so that I can host my own web site and run whatever I want.<P>
|
|
|
|
Thanks god. At Jan 2001, one of the broadband provider at my area annouced that they
|
|
will provides fix I.P. with extra cost. It is really expensive but hey that's what I need. I'm willing
|
|
to pay for any services that fit my needs. On the other hand, I can save a lot of butts from web hosting
|
|
company where my domain names currently located. Why not dynamic I.P.? Yes dynamic I.P. may also do the same
|
|
using some tricks with dynamic DNS as provided by no-ip, DynDNS... etc. but it is too annonying and
|
|
not really good if you are going to host your own email server. <P>
|
|
|
|
<B>Planning the Network</b><P>
|
|
|
|
OK I subscribed to the broadband service finally. It takes two weeks to arrange a technical guy to
|
|
install the splitter and ADSL modem. Actually I can do it myself but they don't want me to. Anyway this
|
|
is a good time to build the network and prepair for the
|
|
high speed connection. Before actually building the network, it is better to think about the topology
|
|
first. I make use of my spare old hardware and spent some money to build two linux box.
|
|
One linux box will be the baston host running Apache web server, ftp server, email server and MySQL
|
|
database server. The baston host will act as an exterior router routing traffic between the internet
|
|
and the intranet. The other linux box will be the Intranet server hosting internal application and
|
|
data. The intranet box will act as an interior router. Someone asked, why two linux box? Well,
|
|
for security reason of course. Please refer to your technical books about firewalling
|
|
for details explaination. Figure 1 shows the network diagram of my home network.<P>
|
|
|
|
<IMG SRC="misc/chan/raynet.jpg" VSPACE="20" BORDER="2"><P>
|
|
|
|
Since I got only one fixed IP, I'm not going to run any high traffic web site.
|
|
Only one baston host may do the job well, since it is a basic and simple
|
|
network. It is the solution for me, not neccessary for everyone who are reading
|
|
this article. Again, think about your own plan.<P>
|
|
|
|
<B>Building the network</b><P>
|
|
I downloaded and installed RedHat 7.0 to both of the linux boxes. Choose your own packages that sounds
|
|
interest to you. It is fine for you to use other distribution. However, there were some essential
|
|
components required in order to setup an internet server. Please refer to the HOW-TO at linuxdocs.org.
|
|
Again this is not a tutorial. I strongly suggest the following HOW-TOs for this section:<P>
|
|
<LI><A HREF="http://linuxdocs.org/HOWTOs/ISP-Setup-RedHat.html">ISP-Setup-ReadHat</a>
|
|
<LI><A HREF="http://linuxdocs.org/HOWTOs/DSL-HOWTO/index.html">DSL HOWTO for Linux</a>
|
|
<P>
|
|
|
|
And the following mini-HOWTOs:<P>
|
|
<LI><A HREF="http://linuxdocs.org/HOWTOs/mini/Domain.html">Setting Up Your New Domain Mini-HOWTO</a>
|
|
<LI><A HREF="http://linuxdocs.org/HOWTOs/mini/Home-Network-mini-HOWTO.html">Home-Network-mini-HOWTO</a>
|
|
<LI><A HREF="http://linuxdocs.org/HOWTOs/mini/IP-Subnetworking.html">IP-Subnetworking</a>
|
|
<P>
|
|
If you know nothing about what linux can do, you must read '<A HREF="http://www.linuxdoc.org/HOWTO/Networking-Overview-HOWTO.html">The Linux Networking Overview HOWTO</a>'.<P>
|
|
|
|
<B>Secure the baston host by packet filtering firewall using ipchains</b><P>
|
|
Ok now I got RedHat installed but the linux boxes were not protected yet. I need to setup firewall
|
|
and routing table in order to protect the linux machines and forwarding packets from Internal network
|
|
to extranet network. This is a really big job for home user, and me too. I did a lot of search at
|
|
freshmeat.net, google and sourceforge. I tried a lot of free firewalling
|
|
scripts and none of them provides good security and hard to modify. Yes I'm lazy to write my own
|
|
filtering and routing rules. You are lucky. I found a really good firewall scripts @ <A HREF="http://iceberg.als.cx/">ICEBERG</a>.
|
|
Their scripts are easy to modify and setup all the routing. I run their scripts on both of my linux
|
|
machines and then I'm free to do other tasks now. Thanks again ICEBERG. Following is a list of useful
|
|
documentation regarding firewalling and packet forwarding:<P>
|
|
<LI><A HREF="http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html">Firewall-HOWTO</a><BR>
|
|
<LI><A HREF="http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html">IP-Masquerade-HOWTO</a><BR>
|
|
<LI><A HREF="http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html">IPCHAINS-HOWTO</a><P>
|
|
If you wanna use Napster behind the firewall, you should read <A HREF="http://www.linuxdoc.org/HOWTO/mini/IPMasquerading+Napster.html">IPMasquerading+Napster mini-HOWTO</a><BR>
|
|
<P>
|
|
<B>Setup External DNS Server at baston host</b><P>
|
|
Although I'll use <A HREF="http://www.hn.org">HAMMER NODE</a> to host the DNS entry for my domain name, a working caching only nameserver is still required
|
|
to run the linux box. Configuration files were shown below:<P>
|
|
<A HREF="misc/chan/baston/named.boot.txt">/etc/named.boot</a><BR>
|
|
<A HREF="misc/chan/baston/named.conf.txt">/etc/named.conf</a><BR>
|
|
<A HREF="misc/chan/baston/named.ca.txt">/var/named/named.ca</a><BR>
|
|
<A HREF="misc/chan/baston/named.local.txt">/var/named/named.local</a><BR>
|
|
<A HREF="misc/chan/baston/named.myfakedomain.com.txt">/var/named/named.myfakedomain.com</a><BR>
|
|
<A HREF="misc/chan/baston/named.myhome.net.txt">/var/named/named.myhome.net</a><BR>
|
|
<A HREF="misc/chan/baston/named.rev.3.txt">/var/named/named.rev.3</a><BR>
|
|
<A HREF="misc/chan/baston/named.rev.2.txt">/var/named/named.rev.2</a><BR>
|
|
<P>
|
|
|
|
<B>Connecting to the ADSL modem</b><P>
|
|
Connecting the ADSL modem under linux is easy, just download the RPM of <A HREF="http://www.roaringpenguin.com/pppoe/">RP-PPPOE</a> from Roaring Penguin
|
|
Software Inc, install it and then run the adsl-setup, that's all. As easy as an window machine.<P>
|
|
|
|
<B>Migrating domain name to baston host</b><P>
|
|
At this moment, the web server does not seems working yet. I fixed it by adding the line below
|
|
to the /etc/httpd/conf/httpd.conf file:<P>
|
|
ServerName www.myfakedomain.com (for baston host)<BR>
|
|
ServerName www.myhome.net (for Intranet Server)<P>
|
|
The web servers on both linux were up and running after a reboot. Now what's next? I started my favourite
|
|
browser Netscape and did a search on my favourite search engine Google for a Free DNS server. Finally I
|
|
reach <A HREF="http://www.hn.org">HAMMER NODE</a>. I was lucky that I could reached hn.org. They provides free services for both dynamic I.P. and
|
|
static I.P. user. They have good and easy to use UI and manages to provides both reliable and stable service. I created a virtual
|
|
domain mappings accounts and have the configuration like this:<P>
|
|
<FORM>
|
|
<TABLE BORDER=2 CELLSPACING=0 CELLPADDING=3>
|
|
<TR><TD>Rec FQDN</TD><TD>Rec Type</TD><TD>Rec Value</TD><TD>DynDNS</TD><TD>MX Pref</TD><TD>Commands</TD></TR>
|
|
|
|
<TR><TD>myfakedomain.com<TD>NS</TD><TD>ns1.hn.org</TD><TD>0</TD><TD>0</TD><TD><INPUT TYPE=BUTTON VALUE="Delete"></TD></TR>
|
|
<INPUT TYPE=HIDDEN NAME="dom_m" VALUE="2750"><INPUT TYPE=HIDDEN NAME="d_rr_idno" VALUE="16131">
|
|
|
|
<TR><TD>myfakedomain.com</TD><TD>NS</TD><TD>aux1.hn.org</TD><TD>0</TD><TD>0</TD><TD><INPUT TYPE=BUTTON VALUE="Delete"></TD></TR>
|
|
<INPUT TYPE=HIDDEN NAME="dom_m" VALUE="2750"><INPUT TYPE=HIDDEN NAME="d_rr_idno" VALUE="16132">
|
|
|
|
<TR><TD>www.myfakedomain.com</TD><TD>CNAME</TD><TD>myfakedomain.com</TD><TD>0</TD><TD>0</TD><TD><INPUT TYPE=BUTTON VALUE="Delete"></TD></TR>
|
|
<INPUT TYPE=HIDDEN NAME="dom_m" VALUE="2750"><INPUT TYPE=HIDDEN NAME="d_rr_idno" VALUE="16134">
|
|
|
|
<TR><TD>myfakedomain.com</TD><TD>A</TD><TD>202.xxx.xxx.xxx</TD><TD>0</TD><TD>0</TD><TD><INPUT TYPE=BUTTON VALUE="Delete"></TD></TR>
|
|
<INPUT TYPE=HIDDEN NAME="dom_m" VALUE="2750"><INPUT TYPE=HIDDEN NAME="d_rr_idno" VALUE="16135">
|
|
<TR><TD>mail.myfakedomain.com</TD><TD>MX</TD><TD>202.xxx.xxx.xxx</TD><TD>0</TD><TD>0</TD><TD><INPUT TYPE=BUTTON VALUE="Delete"></TD></TR>
|
|
<INPUT TYPE=HIDDEN NAME="dom_m" VALUE="2750"><INPUT TYPE=HIDDEN NAME="d_rr_idno" VALUE="16136">
|
|
<TR><TD>ns.myfakedomain.com</TD><TD>NS</TD><TD>myfakedomain.com</TD><TD>0</TD><TD>0</TD><TD><INPUT TYPE=BUTTON VALUE="Delete"></TD></TR>
|
|
<INPUT TYPE=HIDDEN NAME="dom_m" VALUE="2750"><INPUT TYPE=HIDDEN NAME="d_rr_idno" VALUE="16138">
|
|
<TR><TD>mail.myfakedomain.com</TD><TD>CNAME</TD><TD>myfakedomain.com</TD><TD>0</TD><TD>0</TD><TD><INPUT TYPE=BUTTON VALUE="Delete"></TD></TR>
|
|
<INPUT TYPE=HIDDEN NAME="dom_m" VALUE="2750"><INPUT TYPE=HIDDEN NAME="d_rr_idno" VALUE="18787">
|
|
<TR><TD>ns.myfakedomain.com</TD><TD>CNAME</TD><TD>myfakedomain.com</TD><TD>0</TD><TD>0</TD><TD><INPUT TYPE=BUTTON VALUE="Delete"></TD></TR>
|
|
<INPUT TYPE=HIDDEN NAME="dom_m" VALUE="2750"><INPUT TYPE=HIDDEN NAME="d_rr_idno" VALUE="18823">
|
|
</FORM>
|
|
</TABLE>
|
|
<P>
|
|
After setup the DNS account from hn.org, I change the DNS entry, both of the primary and secondary server to the DNS server
|
|
provided by hn.org from the domain registration company (usually register.com or whatever). It may take some times to get
|
|
the DNS entry refresh.
|
|
<P>
|
|
Wonderful! Now the DNS entry was refreshed and all request to www.myfakedomain.com will forward to my baston host. That's simple huh?
|
|
Thanks for the great work of hn.org. For details about how to setup DNS entries, please refer to <A HREF="http://www.linuxdoc.org/HOWTO/DNS-HOWTO.html">DNS-HOWTO</a>.<P>
|
|
Because the machine connected to ADSL modem provide services for the public, that mean it will be accessed by anyone who have Internet
|
|
access from anywhere. I need to restrict the access of various tcpd services for this machine for security reason. I edited the file
|
|
/etc/hosts.allow and /etc/hosts.deny accordingly:<P>
|
|
/etc/hosts.allow<P>
|
|
ALL: 127.0.0.1<BR>
|
|
in.telnetd: 192.168.2.2<BR>
|
|
in.ftpd: 192.168.2.2<BR>
|
|
sshd: 192.168.2.2 203.xxx.xxx.xxx
|
|
<P>
|
|
/etc/hosts.deny<P>
|
|
ALL: ALL : spawn (echo Attempt from %h %a to %d at `date` | tee -a /xxx/xxx/tcp.deny.log | mail my@email.com )
|
|
<P>
|
|
As shown from the above configuration files, all machines from internal network can telnet, ftp, ssh and
|
|
sftp to the baston host. The address 203.xxx.xxx.xxx is the I.P. address of my office machine which is allowed
|
|
to remote login to the baston host using ssh and transfer file to the baston host using sftp. Telnet and ftp to
|
|
the baston host will never allow from machine outside the internal network because user name and password is
|
|
transmit in plaintext format. It may be captured by hacker easily. HTTPD is not included in the above
|
|
configuration file because HTTPD is not under controlled of INETD. <P>
|
|
|
|
<B>Connect to the baston host safely using SSH</b><P>
|
|
Telnet and FTP is allowed to connect to the baston host from the internal network. SSH and SFTP must be used to
|
|
connect from external network. Refer to the article '<A HREF="../issue61/dellomodarme.html">Using ssh</A>' from <I>Linux Gazette</I> about how
|
|
to setup and usage of SSH. You must install and running SSHD in order to support SSH. SFTP can be download from
|
|
<A HREF="http://enigma.xbill.org/sftp/">http://enigma.xbill.org/sftp/</a>. SFTP is easy to use and install, please refer to the readme from the web site.<P>
|
|
|
|
<B>Setup the Intranet Server</b><P>
|
|
In order to protect the internal network, I
|
|
disable all access from external network to my internal network:<P>
|
|
|
|
/etc/hosts.allow<P>
|
|
|
|
ALL: LOCAL 192.168.1.2 192.168.1.7<P>
|
|
|
|
/etc/hosts.deny<P>
|
|
|
|
ALL: ALL : spawn (echo Attempt from %h %a to %d at `date` | tee -a /xxx/xxx/tcp.deny.log | mail my@email.com )<P>
|
|
|
|
An email will be sent to my mailbox in case there are any activities attempt to connect to any prohibited services
|
|
to both of my linux server.<P>
|
|
|
|
As shown from figure 1, all internal machines have a host name. You can use whatever
|
|
host name and domain name for your internal network even the domain name is already
|
|
registered at NIC, however, special care must be taken when setting up your own internal
|
|
DNS server.<P>
|
|
|
|
<B>Setting up intranet DNS server - named</b><P>
|
|
Again, please refer to the HOWTO or technical books about how to setup a DNS server.
|
|
Following shows my configuration files of the DNS server running at the Intranet
|
|
server:<P>
|
|
<A HREF="misc/chan/intraserver/named.boot.txt">/etc/named.boot</a><BR>
|
|
<A HREF="misc/chan/intraserver/named.conf.txt">/etc/named.conf</a><BR>
|
|
<A HREF="misc/chan/intraserver/named.ca.txt">/var/named/named.ca</a><BR>
|
|
<A HREF="misc/chan/intraserver/named.local.txt">/var/named/named.local</a><BR>
|
|
<A HREF="misc/chan/intraserver/named.myhome.net.txt">/var/named/named.myhome.net</a><BR>
|
|
<A HREF="misc/chan/intraserver/named.rev.1.txt">/var/named/named.rev.1</a><BR>
|
|
<A HREF="misc/chan/intraserver/named.rev.2.txt">/var/named/named.rev.2</a><BR>
|
|
<P>
|
|
<B>More security issues</b><P>
|
|
Hackers are arounding you, only firewalling with packet filtering and
|
|
controlling services access from hosts.allow/hosts.deny are never enough.
|
|
A few security holes may discover everyday. You should subscribes to
|
|
corresponding mailing list and upgrade your linux constantly. A few more articles and
|
|
software about security is good and worth to introduce:<P>
|
|
<LI><A HREf="../issue46/pollman.html">Security for the Home Network LG #46</a><BR>
|
|
<LI><A HREF="http://www.linux-firewall-tools.com/linux/">Linux Firewall and Security Site</a><BR>
|
|
<LI><A HREF="http://users.dhp.com/~whisper/mason/">Mason - the automated firewall builder for Linux</a><BR>
|
|
<LI><A HREF="http://www.astaro.com">Astaro AG (Great firewall linux distribution with web interface)</a><BR>
|
|
<LI><A HREF="http://www.ethereal.com/">The Ethereal Network Analyzer</a><BR>
|
|
<LI><A HREF="http://www.nessus.org/">Nessus - The Security Scanner</a><BR>
|
|
<LI><A HREF="http://www.stunnel.org/">Stunnel - Universal SSL Wrapper</a><BR>
|
|
<P>
|
|
<B>How about POP3 and SMTP server?</b><P>
|
|
POP3, as same as TELNET and FTP, transfer username and password in plaintext and is considered
|
|
insecure. SPOP maybe setup to encrypt POP data. However, I don't want to store my personal email
|
|
in any machine outside internal network including my office's workstation. So I'm not going to
|
|
setup POP3 in the baston host. The reason not to allow SMTP because relaying mail is dangerous
|
|
because spammer will make use of your relayed SMTP server to send their hateful spam mails.
|
|
On the other hands, setting up a non-relayed SMTP server for yourself is meaningless because you
|
|
cannot send mail from your SMTP server outside the network. I
|
|
can simply login to my baston host using ssh and run pine to check and reply my message in a
|
|
secure way.<P>
|
|
<B>Subdomain for web server</b><P>
|
|
Wow, everything working now. I can host my web server, email server and ftp server at my home linux
|
|
box. It rocks! Now I need a subdomain resume.myfakedomain.com to host my online resume. Just add
|
|
the following lines to the /etc/httpd/conf/httpd.conf handles all the magic:<P>
|
|
|
|
RewriteEngine on<BR>
|
|
## Ignore www.myfakedomain.com<BR>
|
|
RewriteCond %{HTTP_HOST} !^www\.myfakedomain\.com [NC]<BR>
|
|
## A directory with the name of the subdomain must exist<BR>
|
|
RewriteCond %{DOCUMENT_ROOT}/%1 -d<BR>
|
|
## Add the requested hostname to the URI<BR>
|
|
## [C] means that the next Rewrite Rules uses this<BR>
|
|
RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]<BR>
|
|
## Translate abc.myfakedomain.com/foo to myfakedomain.com/abc/foo<BR>
|
|
RewriteRule ^([a-z-]+)\.myfakedomain\.com/?(.*)$ http://www.myfakedomain.com/$1/$2 [L]<BR>
|
|
|
|
<P>
|
|
<B>Other useful configuration files</b><P>
|
|
/etc/hosts (baston host)<P>
|
|
<PRE>
|
|
127.0.0.1 localhost.localdomain localhost
|
|
192.168.2.1 router.myhome.net router
|
|
192.168.2.2 gateway.myhome.net gateway
|
|
202.xxx.xxx.xxx www.myfakedomain.com www
|
|
</pre>
|
|
<P>
|
|
/etc/hosts (intranet gateway)<P>
|
|
<PRE>
|
|
127.0.0.1 localhost.localdomain localhost
|
|
192.168.1.1 server.myhome.net server
|
|
192.168.1.2 devel.myhome.net devel
|
|
192.168.1.3 php.myhome.net php
|
|
192.168.1.4 asp.myhome.net asp
|
|
192.168.1.7 be.myhome.net be
|
|
192.168.2.1 router.myhome.net router
|
|
192.168.2.2 gateway.myhome.net gateway
|
|
</pre><P>
|
|
/etc/resolv.conf (baston host)<P>
|
|
<PRE>
|
|
search myfakedomain.com
|
|
nameserver 127.0.0.1
|
|
</pre><P>
|
|
/etc/resolv.conf (intranet gateway)<P>
|
|
<PRE>
|
|
search myhome.net
|
|
nameserver 127.0.0.1
|
|
</pre><P>
|
|
<B>Network Card Setting</b><P>
|
|
Ethernet port setting:<P>
|
|
<IMG SRC="misc/chan/serverport.jpg" BORDER="2">
|
|
<P>
|
|
|
|
More network configuration files:<P>
|
|
<A HREF="misc/chan/baston/network.txt">/etc/sysconfig/network</a> (baston host)<BR>
|
|
<A HREF="misc/chan/baston/ifcfg-eth0.txt">/etc/sysconfig/network-scripts/ifcfg-eth0</a> (baston host)<BR>
|
|
<A HREF="misc/chan/baston/ifcfg-eth1.txt">/etc/sysconfig/network-scripts/ifcfg-eth1</a> (baston host)<P>
|
|
|
|
<A HREF="misc/chan/intraserver/network.txt">/etc/sysconfig/network</a> (Intranet gateway)<BR>
|
|
<A HREF="misc/chan/intraserver/ifcfg-eth0.txt">/etc/sysconfig/network-scripts/ifcfg-eth0</a> (Intranet gateway)<BR>
|
|
<A HREF="misc/chan/intraserver/ifcfg-eth1.txt">/etc/sysconfig/network-scripts/ifcfg-eth1</a> (Intranet gateway)<P>
|
|
<A HREF="misc/chan/rc.local.txt">/etc/rc.d/rc.local</a> (Both of the Baston host and Intranet gateway)<BR>
|
|
<P>
|
|
<B>TCP/IP setting summary</b><P>
|
|
<TABLE border=1>
|
|
<TR><TD colspan=2><B>Baston host</b></td></tr>
|
|
<TR><TD>Default Gateway:</td><TD>ppp0</td></tr>
|
|
<TR><TD>Nameserver:</td><TD>127.0.0.1</td></tr>
|
|
<TR><TD colspan=2> </td></tr>
|
|
<TR><TD>Network interface:</td><TD>eth0</td></tr>
|
|
<TR><TD>I.P. Address:</td><TD>192.168.3.1</td></tr>
|
|
<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
|
|
<TR><TD colspan=2> </td></tr>
|
|
<TR><TD>Network interface:</td><TD>eth1</td></tr>
|
|
<TR><TD>I.P. Address:</td><TD>192.168.2.1</td></tr>
|
|
<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
|
|
</table>
|
|
<P>
|
|
<TABLE border=1>
|
|
<TR><TD colspan=2><B>Intranet Server</b></td></tr>
|
|
<TR><TD>Default Gateway:</td><TD>192.168.2.1</td></tr>
|
|
<TR><TD>Nameserver:</td><TD>127.0.0.1</td></tr>
|
|
<TR><TD colspan=2> </td></tr>
|
|
<TR><TD>Network interface:</td><TD>eth0</td></tr>
|
|
<TR><TD>I.P. Address:</td><TD>192.168.1.1</td></tr>
|
|
<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
|
|
<TR><TD colspan=2> </td></tr>
|
|
<TR><TD>Network interface:</td><TD>eth1</td></tr>
|
|
<TR><TD>I.P. Address:</td><TD>192.168.2.2</td></tr>
|
|
<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
|
|
</table>
|
|
<P>
|
|
<TABLE border=1>
|
|
<TR><TD colspan=2><B>Workstations from Internal Network</b></td></tr>
|
|
<TR><TD>Default Gateway:</td><TD>192.168.1.1</td></tr>
|
|
<TR><TD>Nameserver:</td><TD>192.168.1.1</td></tr>
|
|
<TR><TD colspan=2> </td></tr>
|
|
<TR><TD>Network interface:</td><TD>eth0</td></tr>
|
|
<TR><TD>I.P. Address:</td><TD>192.168.1.X</td></tr>
|
|
<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
|
|
</table>
|
|
<P>
|
|
<B>Further setup and reading</b><P>
|
|
What if you want to access your internal machine running
|
|
windowsz from the other network while maintaining security through the firewall?
|
|
The answer is using
|
|
Virtual Private Network (<A HREF="http://whatis.techtarget.com/WhatIs_Definition_Page/0,4152,213324,00.html">VPN</a>) technology. Linux do
|
|
support VPN in recent version. More details can be find
|
|
at <A HREF="http://linuxdocs.org/HOWTOs/mini/VPN.html">VPN HOWTO</a>.
|
|
If you have more than one domains and want to host at the same baston host, you may require special setting for your apache web server and sendmail
|
|
server. The next version of this article will include the walkthrough of the VPN and virtual domain setup.<P>
|
|
|
|
If you have any suggestions or comments regarding this document, please feel
|
|
free to contact me at <A HREF="mailto:rayxtra@hotmail.com">rayxtra@hotmail.com</A>.
|
|
|
|
|
|
|
|
|
|
<!-- *** BEGIN copyright *** -->
|
|
<P> <hr> <!-- P -->
|
|
<H5 ALIGN=center>
|
|
|
|
Copyright © 2001, Ray Chan.<BR>
|
|
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
|
|
Published in Issue 65 of <i>Linux Gazette</i>, April 2001</H5>
|
|
<!-- *** END copyright *** -->
|
|
|
|
<!--startcut ==========================================================-->
|
|
<HR><P>
|
|
<CENTER>
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="arndt.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue65/chan.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="collinge.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
</CENTER>
|
|
</BODY></HTML>
|
|
<!--endcut ============================================================-->
|